On the Verge of Extinction?

Once all the buzz, the enterprise CIO may be disappearing. What went wrong?

Though no one is sure exactly when it happened, the phrase "enterprise CIO" began popping up in technological parlance in the mid-1990s. Instead of a plain old CIO, the enterprise CIO joined the elite "C level" executives. The rationale behind this trend was that CIOs should be equal to CEOs, CFOs and other "chiefs" because they juggle responsibilities that influence the health of the whole organization, the enterprise.

Along with increased importance was supposed to come increased power. The new enterprise CIO in government was to draft jurisdiction-wide IT strategy, bring agencies or departments in line with that strategy, crack the whip when necessary and look for ways to save money by consolidating IT projects and purchases.

Before climbing to this more rarified air, CIOs typically were housed in a government's finance or administration department and reported to the director of those agencies. In local government, enterprise CIOs set up shop in the mayor's office or city manager's office, depending on the structure of the particular municipality. In state government, enterprise CIOs took seats in the governor's Cabinet or in the governor's office. But lately the position of enterprise CIO appears to be losing luster. Some state and local governments have taken steps to nudge CIOs away from C-level positions of power and authority.

Is the position simply in transition? Or is the enterprise CIO becoming extinct? Becoming extinct requires, of course, existence -- and whether the enterprise CIO existed in the first place is open to debate. One measure, taken from a survey conducted by the Center for Digital Government, found that of the highest-ranking 34 states, only 14 employ true enterprise CIOs (see sidebar). That translates to just 31 percent employing an enterprise CIO -- a compelling case that enterprise CIOs are not the norm.

Paper Tigers?
Even if a few enterprise CIOs exist in state government, it doesn't mean they can act with omnipotence.

"What a CIO needs is pretty much carte blanche control over IT in the state," said Phil Windley, former CIO of Utah. "You need to be able to move people around. You need to be able to hire and fire. You need to be able to start and stop projects -- the same way a CIO would in a private-sector company. But the legislature is not willing, at least in Utah, to cede that kind of authority over to the executive branch."

Windley said there are organizational models that might support an enterprise CIO in state government -- citing Michigan's Department of Information Technology and Virginia's IT consolidation efforts as promising examples.

"But the bureaucracy reacts badly to that," he said. "Departments are not anxious to have their IT moved out. They like to keep control of these things."

Though Windley reported directly to Utah Gov. Mike Leavitt, the actual statute defining the CIO position houses the CIO in the Governor's Office of Planning and Budget. According to Windley, Leavitt said he wanted Windley in the governor's office, so that's where Windley went.

The enterprise CIO doesn't really exist in government, said Windley, despite assertions to the contrary, because state CIOs don't have the ability to force enterprise changes.

"I'm fairly close with the CIO of Siebel, and I've had some fairly extensive talks with the CFO of Oracle, and in both cases they just laughed at some of the problems [Utah] had," Windley said. "They said, 'Gee, we'd solve that problem in about 3 minutes.' We'd say, 'This is the way we're going to do it,' and that's the way it would be.

"In the state, you've got staff, for better or worse, that feel like they're in control. They've been here a long time," he continued. "You've got the legislature, which is not willing to cede that kind of authority to an individual -- a lot of the things you'd think of a CIO doing at the enterprise level in private industry -- state CIO's just don't have the authority to pull off."

CIOs discovered that sitting in the governor's Cabinet didn't necessarily translate into supreme IT authority. Former Nevada CIO Marlene Lockard said she viewed herself as an enterprise CIO because she was appointed by the governor, sat in the governor's Cabinet and had the support of the governor when trying to implement an enterprise approach.

Still, that backing wasn't a guarantee she could truly function in an enterprise capacity -- in Nevada, as in many other states, existing statutes exempted certain agencies from the CIO's reach, she said.

"Those kinds of legislative issues and sacred cows must be successfully overcome to really get rid of the stovepipes and redundancies," she explained. "Because of the turf issues and the continuing silos that are so hard to break down -- and that's one of the things the enterprise CIO was supposed to do -- sometimes just being one person among equals at the Cabinet table isn't enough."

Lockard said one problem with using a Cabinet-level position as an IT bully pulpit is that other Cabinet members, if they don't place the same priority on enterprise IT strategy, view it as a peer trying to implement a pet project, rather than as a message directly from the governor.

"Instead, maybe you need that technology person with the vision and the enterprise view in the governor's office, so they speak for the governor to all Cabinet members," she said. "Some folks disagree with that, and 10 years from now there will probably be something else, but I view this as an interim approach to get people on board so the Cabinet members aren't continuing to resist."

Political Battles
It's not easy to detail reasons behind the constraining circumstances in which state CIOs work. First is government's duty to serve the public, no matter what. If a state government needs to come up with $4 million to avoid dropping thousands of children from a state-sponsored child health insurance program, it's easy to take it from IT spending earmarked for new PCs because PCs can wait, Windley said.

"There are always competing priorities that are going to seem more important than running government," he explained. "People say they want government to run efficiently, but I don't think most people really know what that means or would be willing to support it."

Second is politics.

In his resignation letter to Gov. Leavitt, Windley wrote: "One of the frustrating parts of being CIO is that the governor has very different ideas about what the CIO can and should do from what the Legislature, and in particular legislative staff, feel the CIO can and should do. This is a fundamental structural problem that will continue to cause problems if it is not solved."

All state CIOs can probably sympathize with this statement. The essential tension between a state's administration and a state's legislature is part of government. That tension has been part of government since the framers of the Constitution drafted the blueprint for governance of the United States of America to guarantee that no particular branch of government, at any level of government, wield too much power.

Just because it is so doesn't mean everybody has to like it.

To get re-elected, a candidate must maximize voters' perception that he or she is getting stuff done, Windley said. And that leads to a problem: A candidate for the legislature or a legislator running for re-election is only worried about that perception, nothing else.

"One of the great wonders of democracy is that every year we turn the budgeting and operation of a $7 billion organization over to a large, unwieldy group of poorly compensated small-business people, ranchers, teachers and housewives. Then we tell them they better look like heroes if they want to win the respect of their friends and neighbors so they can come back and do it again," Windley said in his Weblog .

"The first time I sat through a legislative subcommittee meeting, I was physically ill," he continued. "There's almost no hope of doing 'the right thing.' You have to just hope there's not too much damage when the smoke clears. The problem isn't that these aren't good intentioned, bright people -- they are. They're just caught in an interesting situation."

What's the Role Model?
Given the various governance issues CIOs must work through (or around), CIOs also find their jobs being defined by other, external pressures.

"The entire concept of enterprise CIO is in transition," said Rick Webb, associate partner in the state and local government practice of IBM's business consulting services.

The severe budget crisis facing state and local government, the continuing mandate for electronic government, governments' drive toward consolidating infrastructure and building to standards and architectures that make economic sense, and the need to set strategic IT direction that responds to all of these pressures is forcing the role of enterprise CIO to change, Webb said.

"For all of these, it's very important someone is in both a policy and operations role to drive them," he said. "Therein lies the challenge for the enterprise CIO; you can't separate thinking from doing. At the same time you're thinking in a policy world, you've got to also be able to implement. That's a challenging task."

In early February, Webb said he participated on a panel at a seminar convened by Harvard University's John F. Kennedy School of Government discussing how newly elected governors should use technology to meet their political mandates.

Webb said at that seminar, the role of the state CIO generated plenty of discussion -- especially the concept of the federated CIO, who works more from a collaborative approach to solving IT problems. Due to the cross-jurisdictional nature of their job, Webb said he sees a similarity between the role of CIO and that of comptrollers and state auditors

He said those jobs are models for the elevated CIO role that would help CIOs work in an apolitical and cross-jurisdictional framework because in those roles, people are appointed to work through problems without regard to political affiliation.

"If we think about where states might go in the future, if you're going to place a person in a role of enterprise CIO, then you really need to put that person into a position that's longer term, where they can provide a function just like a controller or an auditor or a budget director might do," he said. "That brings on a lot of discussion, but that's one instructive model that is worthy of looking at.

"I don't think that a hunkering down mentality of backing up from an enterprise approach and moving that role of CIO to a lesser degree or lesser level is the answer," he continued. "If you move an enterprise CIO, you've got to match the governance framework with that position. It's one thing to call someone CIO. It's another thing to give them the power and authority necessary to carry that role forward. You've got to really establish a governance structure that ties to architecture standards and finance operations in government so you have some teeth in the governance structure going forward."

Compromising the CIO Position
In two well-documented instances, legislatures have attempted to change, water down or disperse the powers of the enterprise CIO. California has suffered well-publicized troubles with its CIO position. Though the legislation defining the position originally structured it to be an enterprise CIO, opponents sank key provisions as the bill traveled through the political process.

What emerged was a bill that created an ill-defined CIO with vague powers that conflicted with powers of other departments and agencies. Ultimately, the CIO position was unable to accomplish what the Legislature wanted, and the state's Department of Information Technology shut down last year.

The state seriously reconsidered the CIO role, and it appears a more federated approach to IT management will be the way California handles IT governance.

The new approach gives state agencies more latitude. The new model withholds absolute power from the state's CIO and creates an environment of collaboration, not fiat. California CIO J. Clark Kelso released his proposal for a new IT governance structure in mid-February, and collaboration is key to his new proposal.

Though Kelso retains some enterprise type of responsibilities -- including drafting a strategic plan for the state -- power is shared among such agencies as the departments of Finance and General Services.

Other states, Virginia most notably, took steps to introduce sweeping changes to their IT governance models in a move away from the enterprise CIO. Gov. Mark Warner introduced a legislative package in December that proposed dramatically altering the state's IT structure. (See Altering the Structure.)

When one piece of the legislative package, HB 1926, hit the House of Delegate's Committee on Appropriations, interesting amendments were made to the bill.

One provision in the amendments was the creation of a CIO who would be appointed by the Information Technology Investment Board (ITIB). The CIO would work under a five-year contract, report directly to the board and serve as the director of the Virginia Information Technologies Agency (VITA). (See Potential Power.)

In Warner's version of HB 1926, VITA was to be headed by a director (appointed by the governor himself) and the secretary of technology would have served as CIO, with many of the powers outlined in Potential Power.

One reading of the House of Delegates' amendment is that it strips Virginia's technology secretary of operational power, leaving the secretary with strictly policy powers. That results in two technology officers with different spheres of influence, rather than one enterprise CIO with both policy and operational power.

At first glance, it appears Warner and the Legislature are at loggerheads. The governor's initial legislative recommendation put one person in charge of a dramatic consolidation of power into one technology agency, while the Legislature opted to create a second IT leader with many of the operational powers some would argue the secretary of technology needs to carry out a strategic vision that impacts the entire state.

The enacted version of the bill creates an independent CIO and includes other amendments made by the Legislature.

Is this the best of both worlds? Or is it a recipe for disaster?

Be Careful What You Wish For
To Nevada's Lockard, what's happening in Virginia could be seen as the inevitable outcome of elevating CIO type positions to Cabinet level.

"CIOs have to be careful what they wish for," said Lockard, who is now vice president of e-government strategy at EZGov. "The elevation of CIOs to Cabinet-level positions is really a double-edged sword. Elevating their position and status to a Cabinet member level got them a seat at the table with the governors, but that then made them subject to the vagaries of politics."

This past year, even before the November elections, there were numerous changes in state CIOs, Lockard noted, and compounding that turnover was the unprecedented number of new governors after the November elections.

"The status and stability of state CIOs is in serious jeopardy," she said. "Before, when technology was perceived as data processing and it was buried in the basement somewhere, you had folks there for years. The challenge now is how to bring stability back to the technology arena while still having the ear of the governor and the influence and the policy input of the governor."

Virginia officials said the independent CIO idea came from the Joint Legislative Audit and Review Commission, the research arm of the Legislature.

Virginia's new ITIB will be composed of 10 members -- four appointed by Warner, four by the Legislature, and Virginia's Secretary of Technology George Newstrom and the Auditor of Public Accounts will serve as the ninth and 10th members, though in a nonvoting, ex officio capacity.

Virginia sources said Newstrom is expected to be elected chairman of the ITIB, which practically speaking, would create a structure in which the CIO will report to a body controlled by the governor and directed by the technology secretary.

This was apparently a compromise reached between the Warner administration and the Legislature. Sources said the compromise will work in Virginia because the goal of all parties is the same: to overhaul and restructure the management of IT in Virginia government.

Newstrom said the Virginia bill has been misunderstood. One reason is Virginia's extremely short legislative session, which he said often results in bills going through wholesale changes overnight and changing dramatically over the course of just a week. It's very easy, he said, for outsiders to perceive the volume of changes to a particular piece of legislation as the result of Machiavellian power plays.

Another reason is the widespread perception of his role, Newstrom said.

"I am the secretary of technology, but I have this additional title -- CIO," he said. "I can assure you that title is in name only. I am not the CIO of Virginia. Every executive branch agency and every college and university has their own CIO who doesn't report to me. Their technology plans, their structure -- they do it all themselves.

"The legislation that passed, while it doesn't do exactly what we wanted when we went in, it is substantially different than what we have right now," Newstrom continued. "Right now, we don't have a CIO, per se. We have 91 CIOs."

Newstrom said the legislation gives Virginia's CIO the ability to manage, govern and account for IT across the enterprise, as well as set forth policies, procedures and standards for the entire enterprise -- something sorely missing from the state now.

Perhaps the most critical components of the legislation are the independent nature of the CIO position and the reporting relationship under which the CIO works, Newstrom said.

"The governor in Virginia is elected for one, four-year term only," he said. "We're the only state in the union in which the governor can't succeed him or herself. The reason for having an independent CIO is so that person could transcend administrations, versus having the CIO specifically tied to the whims of the political structure, and potentially having a new CIO every four years.

"You see that happening all over the United States, even in dual-term governorships," he said. "Plus, not only is this an independent CIO, that person is under a five-year contract to the board. This also transcends our budget cycle, which is a two-year cycle, and it transcends a single governor's budget capability. From that perspective, I see this as a very positive step for Virginia."

The End of Collaboration?
From local governments' vantage point, the possible extinction of an enterprise CIO at the state government level is disturbing, said Michael Armstrong, CIO of Des Moines, Iowa. Though Des Moines' relationship with the state's Information Technology Department (ITD) will continue, Armstrong said he's not sure the relationship would have gotten off the ground without Richard Varn, Iowa's former CIO, who did a lot to make it happen.

Armstrong said the extinction of the enterprise CIO at the state level will make collaboration between state and local governments more difficult, especially when it comes to developing cross-jurisdictional relationships.

"That's kind of sad because what we did was a really good thing," he said, citing the work he did with Varn and the state on three cross-jurisdictional e-government projects. "We used the state's e-payment engine to do our parking ticket application, and it's been very effective. It's a great way to collect money."

Iowa's ITD hosts part of the application and handles authentication and banking relationships for Des Moines. ITD's Web-design team contributed graphic design to Des Moines' site, hosted electronic applications and forms, and webcast city council meetings and archived that video for Des Moines, Armstrong said.

The existence of a single IT officer at state level greatly helps large cities in a state because city technology officials know who to talk to, according to Armstrong.

"If you've got somebody highly placed in an enterprise, it becomes easier to cross those blurred boundaries because you're dealing with somebody who can speak with some authority," he said. "You also have a chance to develop personal relationships, and that can be very important."

That scenario changes when a local government CIO has to deal with a person from the state who holds a title such as "special adviser to the governor on technology."

"That divorces you from the peer relationship," he said. "When you get a call from a CIO, you're probably going to take it because you assume there's some sort of shared interest there. A special adviser to the governor is more likely to be a political operative and somebody who may not speak exactly the same language and may not have the shared interest that CIOs have. It's another level of abstraction.

"It's easier for me to call a state CIO who I know, or I'm at least aware of, than it is to directly contact somebody in the governor's office -- particularly if they're a high-level adviser," he continued. "It's unlikely that person has any idea who I am or has any idea of what I might want."

CIO Myths
It's tempting to believe enterprise CIOs in the corporate world, unlike public-sector CIOs, can simply snap their fingers and poof!, the business units fall in line and do what the CIO says.

That belief doesn't necessarily reflect the reality of the corporate world, said Tom Davenport, director of Accenture's Institute for Strategic Change.

"It's not uncommon -- even when you have an enterprise-level CIO -- for there to be business unit CIOs and certainly a lot of distributed IT that doesn't necessarily pay a lot of attention to what the enterprise-level CIO is pontificating about," said Davenport. "Even once you have the position, it can lack enough power to really make it real."

An enterprise CIO with absolute power in an organization is risky because IT serves many masters in an organization, he said, and those masters (be they business units or state agencies) will want a say in how IT supports their role, their business processes and their mission.

"Smart, enterprise-level CIOs don't assume all power to make IT decisions," he said. "It's smart to share that power and identify executives at various levels who are going to give you their opinion. Then you have to deal with that, of course, if you ask for it."

CIOs in the private sector face some of the same problems as public-sector CIOs, especially when it comes to longevity issues. In government, if an enterprise CIO is the "governor's guy," that CIO is out of a job when the governor leaves office.

"The career tenure of private-sector CIOs hasn't been terribly impressive," Davenport said. "As of a few years ago, the tenure of a private-sector CIO averaged 2.5 years. It's eased somewhat, but the other thing is that CEO tenures have been shortening pretty dramatically as well. You can be the CEO's guy, come in with the CEO, and if you're an integrated part of the C management team, you can suffer just as much when the CEO leaves as a state CIO would suffer when the governor leaves."

CIOs in the private sector share the same sort of reporting relationships with CIOs in the public sector. Davenport said the most common reporting relationship in the private sector has the CIO reporting to the CFO, though the ideal reporting relationship would be for the CIO to report to the COO because of IT's usefulness to the entire organization.

"CEO direct reports -- people have been talking about it for quite some time -- are still under 20 percent, if I had to guess," he said. "The last time I saw some numbers, CFO reports were close to half, which is kind of surprising, given that people like me have been saying for years that IT is not just about finance and accounting."

Another View
To some, the debate on just how strong a CIO position should be mirrors a broader technological debate currently raging in society itself.

"When do you create a collective standard? And then who benefits from it? And then who gains that benefit are huge sets of issues not only within government, but within society at large," said Jerry Mechling, lecturer in public policy at Harvard University's John F. Kennedy School of Government.

"Much of the legal fight about Microsoft isn't that there has been value created because we standardized on an operating system that creates a platform for everybody to deliver software," said Mechling. "The balance between standardization as a creator of value and continued innovation as a creator of value is starker and more important in technology than in almost anything else."

The problem then becomes how standards are set in government.

"One way to get a standard is to say, 'We authorize the czar, the king, the CIO to resolve all these issues and listen to all the sides, but not to listen too long, because we want somebody who can actually decide,'" he said. "But particularly in government, where checks and balances and due process and worries about centralized power have often been the primal sort of design principles, it's hard to get a final, central authority in place."

Some organizations are moving away from a strong, centralized approach. That's tempered by an equal number of organizations realizing that creating the right degree of standards, interoperability, and economies of scale and scope does require central decision-makers, Mechling said.

Though a strong central IT agency or a powerful CIO may not be the form governments take in creating decision-making power, the issues won't go away, Mechling said, and governors will have to find some way to manage technology without relying on the status quo. It's clear administrations will be forced to forge different relationships with powerful agencies and with their respective legislatures to craft their state's IT future, solve enterprise conflicts in the IT arena and implement IT plans and projects.

"One of the most credible ways to get attention and to resolve a conflict is if there's an obvious authority that can just decide," he said. "Presidents and governors can often do that. But often, they are just the most powerful among a negotiated crap game that sort of floats on and on and on."

One problem is that the "crap game" may never produce the necessary changes to a state's IT strategy because the players are the only ones paying attention to the game.

Mechling said substantive change often comes when the entire political culture surrounding a government -- the business community and citizens -- wants to force the change, which usually happens when the public starts paying attention to a particular situation. Citizens will push for reforms that directly affect the community, such as Megan's Law and Amber Alert systems. But he said when it comes to reforming or changing government itself through technology, the attention of the political culture is more difficult to hold.

"One of the problems with e-government is that it's government reform," Mechling said. "For many people, they roll their eyes; they say, 'Government is too complex. It's been with us since Adam, and it won't change.' There's no real politics in that kind of reform. There's no punishment of those who don't do well, and there's no reward for those that do well."

Shane Peterson is the associate editor for Government Technology magazine.